2 * Copyright (c) 2005, PADL Software Pty Ltd.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of PADL Software nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 static HEIMDAL_MUTEX ccache_mutex = HEIMDAL_MUTEX_INITIALIZER;
38 static kcm_ccache_data *ccache_head = NULL;
39 static unsigned int ccache_nextid = 0;
41 char *kcm_ccache_nextid(pid_t pid, uid_t uid, gid_t gid)
46 HEIMDAL_MUTEX_lock(&ccache_mutex);
48 HEIMDAL_MUTEX_unlock(&ccache_mutex);
50 asprintf(&name, "%d:%u", uid, n);
55 static krb5_error_code
56 kcm_ccache_resolve_internal(krb5_context context,
65 ret = KRB5_FCC_NOFILE;
67 HEIMDAL_MUTEX_lock(&ccache_mutex);
69 for (p = ccache_head; p != NULL; p = p->next) {
70 if ((p->flags & KCM_FLAGS_VALID) == 0)
72 if (strcmp(p->name, name) == 0) {
79 kcm_retain_ccache(context, p);
83 HEIMDAL_MUTEX_unlock(&ccache_mutex);
88 krb5_error_code kcm_debug_ccache(krb5_context context)
92 for (p = ccache_head; p != NULL; p = p->next) {
93 char *cpn = NULL, *spn = NULL;
97 if ((p->flags & KCM_FLAGS_VALID) == 0) {
98 kcm_log(7, "cache %08x: empty slot");
104 for (k = p->creds; k != NULL; k = k->next)
107 if (p->client != NULL)
108 krb5_unparse_name(context, p->client, &cpn);
109 if (p->server != NULL)
110 krb5_unparse_name(context, p->server, &spn);
112 kcm_log(7, "cache %08x: name %s refcnt %d flags %04x mode %04o "
113 "uid %d gid %d client %s server %s ncreds %d",
114 p, p->name, p->refcnt, p->flags, p->mode, p->uid, p->gid,
115 (cpn == NULL) ? "<none>" : cpn,
116 (spn == NULL) ? "<none>" : spn,
128 static krb5_error_code
129 kcm_ccache_destroy_internal(krb5_context context, const char *name)
134 ret = KRB5_FCC_NOFILE;
136 HEIMDAL_MUTEX_lock(&ccache_mutex);
137 for (p = &ccache_head; *p != NULL; p = &(*p)->next) {
138 if (((*p)->flags & KCM_FLAGS_VALID) == 0)
140 if (strcmp((*p)->name, name) == 0) {
149 kcm_release_ccache(context, p);
152 HEIMDAL_MUTEX_unlock(&ccache_mutex);
157 static krb5_error_code
158 kcm_ccache_alloc(krb5_context context,
162 kcm_ccache slot = NULL, p;
168 /* First, check for duplicates */
169 HEIMDAL_MUTEX_lock(&ccache_mutex);
171 for (p = ccache_head; p != NULL; p = p->next) {
172 if (p->flags & KCM_FLAGS_VALID) {
173 if (strcmp(p->name, name) == 0) {
177 } else if (slot == NULL)
185 * Create an enpty slot for us.
188 slot = (kcm_ccache_data *)malloc(sizeof(*slot));
193 slot->next = ccache_head;
194 HEIMDAL_MUTEX_init(&slot->mutex);
198 slot->name = strdup(name);
199 if (slot->name == NULL) {
205 slot->flags = KCM_FLAGS_VALID;
206 slot->mode = S_IRUSR | S_IWUSR;
212 slot->key.keytab = NULL;
214 slot->renew_life = 0;
221 HEIMDAL_MUTEX_unlock(&ccache_mutex);
225 HEIMDAL_MUTEX_unlock(&ccache_mutex);
226 if (new_slot && slot != NULL) {
227 HEIMDAL_MUTEX_destroy(&slot->mutex);
234 kcm_ccache_remove_creds_internal(krb5_context context,
241 struct kcm_creds *old;
243 krb5_free_cred_contents(context, &k->cred);
248 ccache->creds = NULL;
254 kcm_ccache_remove_creds(krb5_context context,
259 KCM_ASSERT_VALID(ccache);
261 HEIMDAL_MUTEX_lock(&ccache->mutex);
262 ret = kcm_ccache_remove_creds_internal(context, ccache);
263 HEIMDAL_MUTEX_unlock(&ccache->mutex);
269 kcm_zero_ccache_data_internal(krb5_context context,
270 kcm_ccache_data *cache)
272 if (cache->client != NULL) {
273 krb5_free_principal(context, cache->client);
274 cache->client = NULL;
277 if (cache->server != NULL) {
278 krb5_free_principal(context, cache->server);
279 cache->server = NULL;
282 kcm_ccache_remove_creds_internal(context, cache);
288 kcm_zero_ccache_data(krb5_context context,
293 KCM_ASSERT_VALID(cache);
295 HEIMDAL_MUTEX_lock(&cache->mutex);
296 ret = kcm_zero_ccache_data_internal(context, cache);
297 HEIMDAL_MUTEX_unlock(&cache->mutex);
302 static krb5_error_code
303 kcm_free_ccache_data_internal(krb5_context context,
304 kcm_ccache_data *cache)
306 KCM_ASSERT_VALID(cache);
308 if (cache->name != NULL) {
313 if (cache->flags & KCM_FLAGS_USE_KEYTAB) {
314 krb5_kt_close(context, cache->key.keytab);
315 cache->key.keytab = NULL;
316 } else if (cache->flags & KCM_FLAGS_USE_CACHED_KEY) {
317 krb5_free_keyblock_contents(context, &cache->key.keyblock);
318 krb5_keyblock_zero(&cache->key.keyblock);
326 kcm_zero_ccache_data_internal(context, cache);
329 cache->renew_life = 0;
334 HEIMDAL_MUTEX_unlock(&cache->mutex);
335 HEIMDAL_MUTEX_destroy(&cache->mutex);
341 kcm_retain_ccache(krb5_context context,
344 KCM_ASSERT_VALID(ccache);
346 HEIMDAL_MUTEX_lock(&ccache->mutex);
348 HEIMDAL_MUTEX_unlock(&ccache->mutex);
354 kcm_release_ccache(krb5_context context,
357 kcm_ccache c = *ccache;
358 krb5_error_code ret = 0;
362 HEIMDAL_MUTEX_lock(&c->mutex);
363 if (c->refcnt == 1) {
364 ret = kcm_free_ccache_data_internal(context, c);
369 HEIMDAL_MUTEX_unlock(&c->mutex);
378 kcm_ccache_gen_new(krb5_context context,
387 name = kcm_ccache_nextid(pid, uid, gid);
389 return KRB5_CC_NOMEM;
392 ret = kcm_ccache_new(context, name, ccache);
399 kcm_ccache_new(krb5_context context,
405 ret = kcm_ccache_alloc(context, name, ccache);
408 * one reference is held by the linked list,
411 kcm_retain_ccache(context, *ccache);
418 kcm_ccache_resolve(krb5_context context,
424 ret = kcm_ccache_resolve_internal(context, name, ccache);
430 kcm_ccache_destroy(krb5_context context,
435 ret = kcm_ccache_destroy_internal(context, name);
441 kcm_ccache_destroy_if_empty(krb5_context context,
446 KCM_ASSERT_VALID(ccache);
448 if (ccache->creds == NULL) {
449 ret = kcm_ccache_destroy_internal(context, ccache->name);
457 kcm_ccache_store_cred(krb5_context context,
465 KCM_ASSERT_VALID(ccache);
467 HEIMDAL_MUTEX_lock(&ccache->mutex);
468 ret = kcm_ccache_store_cred_internal(context, ccache, creds, copy, &tmp);
469 HEIMDAL_MUTEX_unlock(&ccache->mutex);
475 kcm_ccache_find_cred_uuid(krb5_context context,
481 for (c = ccache->creds; c != NULL; c = c->next)
482 if (memcmp(c->uuid, uuid, sizeof(c->uuid)) == 0)
491 kcm_ccache_store_cred_internal(krb5_context context,
497 struct kcm_creds **c;
500 for (c = &ccache->creds; *c != NULL; c = &(*c)->next)
503 *c = (struct kcm_creds *)calloc(1, sizeof(**c));
505 return KRB5_CC_NOMEM;
507 RAND_bytes((*c)->uuid, sizeof((*c)->uuid));
509 *credp = &(*c)->cred;
512 ret = krb5_copy_creds_contents(context, creds, *credp);
526 kcm_ccache_remove_cred_internal(krb5_context context,
528 krb5_flags whichfields,
529 const krb5_creds *mcreds)
532 struct kcm_creds **c;
534 ret = KRB5_CC_NOTFOUND;
536 for (c = &ccache->creds; *c != NULL; c = &(*c)->next) {
537 if (krb5_compare_creds(context, whichfields, mcreds, &(*c)->cred)) {
538 struct kcm_creds *cred = *c;
541 krb5_free_cred_contents(context, &cred->cred);
551 kcm_ccache_remove_cred(krb5_context context,
553 krb5_flags whichfields,
554 const krb5_creds *mcreds)
558 KCM_ASSERT_VALID(ccache);
560 HEIMDAL_MUTEX_lock(&ccache->mutex);
561 ret = kcm_ccache_remove_cred_internal(context, ccache, whichfields, mcreds);
562 HEIMDAL_MUTEX_unlock(&ccache->mutex);
568 kcm_ccache_retrieve_cred_internal(krb5_context context,
570 krb5_flags whichfields,
571 const krb5_creds *mcreds,
578 memset(creds, 0, sizeof(*creds));
583 for (c = ccache->creds; c != NULL; c = c->next) {
584 match = krb5_compare_creds(context, whichfields, mcreds, &c->cred);
598 kcm_ccache_retrieve_cred(krb5_context context,
600 krb5_flags whichfields,
601 const krb5_creds *mcreds,
606 KCM_ASSERT_VALID(ccache);
608 HEIMDAL_MUTEX_lock(&ccache->mutex);
609 ret = kcm_ccache_retrieve_cred_internal(context, ccache,
610 whichfields, mcreds, credp);
611 HEIMDAL_MUTEX_unlock(&ccache->mutex);